Two executive directors of small non-profits have approached me recently asking for advice regarding internal controls. Specifically, they were concerned about preventing the theft of cash from their respective organizations.
Traditional internal accounting controls largely hinge on separating duties in such a way that the work of one person efficiently validates the work of another. Internal accounting controls also limit the ability of any one person to control a transaction in its entirety. As an example, an accounting clerk prepares a list of payables from records of purchases, receipts, and vendor billing, another clerk prepares checks for signature, a custodian (treasurer) then reviews and signs the checks, and yet another clerk mails the checks to the recipients. In terms of fraud deterrence, it is very important that the clerk mailing the checks not be the same clerk that prepared them. In order for this particular procedure to be effective, we need at least four people involved in the disbursement process.
This is a great procedure for organizations large enough to use it. It doesn't work at all in small organizations for a reason that should be obvious - not enough people. Very few small organizations have four people available every time they need to write checks.
It is well known among fraud professionals that fraud is a major contributor to the failure of small organizations. It is also commonly know by fraud professionals that small organizations are highly unlikely to recognize this fact and deal with it in a proactive manner. Fraud professionals commonly believe that this is due primarily to denial; that small business people are overly trusting, naively believing that fraud happens "to someone else".
I do not entirely agree.
In my opinion, people in small organizations are just as aware of the consequences of fraud as people in larger organizations; they just don't have effective tools with which to combat it. Further, due to this lack of tools, people in small organizations either ignore the problem or become paranoid and sometimes paralyzed.
I believe there is a better way.
Instead of thinking in terms of hierarchical controls, think in terms of sharing the work. Fraud creeps in when one person hoards the work. Sharing not only decreases fraud probabilities, it makes for a more efficient and congenial workplace.
As an example, let us assume a small non-profit with an executive director and a board of directors. In such organizations the checks are commonly prepared by the executive director, signed by an officer of the board, and returned to the executive director for distribution. The bank statement is mailed to the office where the executive director reconciles it. The executive director is in complete control. Other than personal integrity, there is nothing to deter this executive director from stealing. In some cases the executive director, possibly an accounting illiterate, has a clerk assistant who does the work. In this case the accounting assistant is in control.
With two small no cost changes we can eliminate most of the problem. First, instead of returning the checks to the executive director for distribution, the officer of the board could distribute them. In most cases this amounts to putting checks in pre-addressed envelopes and dropping them in the nearest mailbox. Second, with the approval of the board, the bank statement can be mailed by the bank directly to the home of the check-signing officer of the board. At a minimum the officer of the board should peruse the statement and checks for obvious discrepancies before turning it over to the executive director for reconciliation. If a clerk assistant is doing the actual work, the executive director should also review the work from time to time.
Assuming a minimum of goodwill and civility, these two small changes should result in a more secure arrangement with no additional cost or loss of efficiency. Fraud could still happen, but is less probable. Also, if it does happen it is more likely to be detected.
The above is an example only. The idea is to
intelligently
share duties in such a way as to enhance security without incurring
excess
cost or impairing the office function.